: About Custom Threat Signatures
Focus
Focus

About Custom Threat Signatures

Table of Contents

About Custom Threat Signatures

Detect and block specific traffic with custom spyware and vulnerability signatures.
Our next-generation firewalls allow you to create custom threat signatures to monitor malicious activity or integrate third-party signatures. As with Palo Alto Networks threat signatures, you can detect, monitor, and prevent network-based attacks with custom threat signatures. Build your signature by examining packet captures for regular expression patterns that uniquely identify spyware activity and vulnerability exploits. The firewall will scan network traffic for these patterns and act based on the action specified during configuration upon threat detection. Be sure to use custom threat signatures as part of anti-spyware and vulnerability protection profiles to detect and handle command-and-control (C2) activity and system flaws that an attacker might attempt to exploit.
You can also define a combination signature for brute force attacks—a custom threat signature that triggers when traffic matches a specified pattern a certain number of times in a given time interval.